Skip to content

feat: workspace scripts with workflow output capture (#342)#343

Merged
marccampbell merged 3 commits into
mainfrom
feat/workspace-scripts-342
Jun 4, 2026
Merged

feat: workspace scripts with workflow output capture (#342)#343
marccampbell merged 3 commits into
mainfrom
feat/workspace-scripts-342

Conversation

@elasticclaw-factory

@elasticclaw-factory elasticclaw-factory Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Implements #342 — Add workspace scripts with workflow output capture.

Changes

Script Delivery

  • ReadTemplateFiles() now discovers files in scripts/ directory alongside templates
  • Scripts are delivered to claws at ~/.openclaw/workspace/scripts/ during bootstrap
  • Workflow on_enter.run.command can reference them as python scripts/analyze.py

Output Capture

  • Added Output field to pipeline.RunAction for naming captured outputs
  • Added pipeline_outputs SQLite table with schema, indexes, and migration
  • persistPipelineOutput() stores exit code, stdout, stderr, and parsed JSON
  • loadPipelineOutputs() returns all outputs for template rendering
  • Outputs survive hub restarts (persisted in DB, not just memory)

Template Integration

  • injectTemplateData() merges Outputs into template data for all rendering paths
  • Templates can reference outputs via {{ .Outputs.name.key }}
  • Works with Linear issues, GitHub issues, manual triggers, and move_issue templates

Security

  • validateScriptCommand() blocks path traversal (scripts/../etc/passwd)
  • Prevents commands from escaping the workspace scripts directory

Tests

  • TestPersistPipelineOutputStoresAndLoadsJSON — JSON output capture
  • TestPersistPipelineOutputNonJSON — graceful handling of non-JSON stdout
  • TestPersistPipelineOutputOverwrite — same-name output replacement
  • TestValidateScriptCommandBlocksTraversal — path traversal prevention
  • TestInjectTemplateDataMergesOutputs — template data merging
  • TestReadTemplateFilesIncludesScripts — script file discovery

@greptile-apps

This comment was marked as resolved.

Sign in to view
greptile-apps[bot]
greptile-apps Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread pkg/hub/pipeline_runner.go Outdated
Comment thread pkg/hub/pipeline_runner.go Outdated
Comment thread pkg/hub/pipeline_runner.go
@elasticclaw-factory elasticclaw-factory Bot force-pushed the feat/workspace-scripts-342 branch 2 times, most recently from 2d2ed37 to 6877495 Compare June 3, 2026 16:45
@greptile-apps

greptile-apps Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Reviews (2): Last reviewed commit: "feat: workspace scripts with workflow ou..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread pkg/hub/pipeline_runner.go
@elasticclaw-factory elasticclaw-factory Bot force-pushed the feat/workspace-scripts-342 branch from 6877495 to d541187 Compare June 3, 2026 16:55
@greptile-apps

This comment was marked as resolved.

Sign in to view
greptile-apps[bot]
greptile-apps Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread pkg/hub/pipeline_runner.go Outdated
@elasticclaw-factory elasticclaw-factory Bot force-pushed the feat/workspace-scripts-342 branch from d541187 to 60e366c Compare June 3, 2026 17:29
feat: workspace scripts with workflow output capture (#342)
1d56434 
- Add scripts/ directory discovery to ReadTemplateFiles for template delivery
- Add Output field to pipeline.RunAction for named output capture
- Add pipeline_outputs DB table with JSON parsing and persistence
- Implement persistPipelineOutput and loadPipelineOutputs methods
- Make outputs available in template rendering via {{ .Outputs.name.key }}
- Add path traversal validation for workflow script commands (rejects any token
  containing .., including inline flag values like --output=../../etc/passwd)
- Fix injectTemplateData to unconditionally set Outputs after merging baseData
- Fix loadPipelineOutputs to check rows.Err() after iteration
- Add comprehensive tests for output capture, persistence, and script delivery
@elasticclaw-factory elasticclaw-factory Bot force-pushed the feat/workspace-scripts-342 branch from 60e366c to 1d56434 Compare June 3, 2026 17:31
@greptile-apps

greptile-apps Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Reviews (4): Last reviewed commit: "fix: add db migration comment for pipeli..." | Re-trigger Greptile

@greptile-apps

greptile-apps Bot commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Reviews (5): Last reviewed commit: "chore: re-trigger CI" | Re-trigger Greptile

@marccampbell marccampbell merged commit 82c3ee5 into main Jun 4, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marccampbell